Privacy Policy

Contents of the administrator’s privacy policy

1. The administrator’s privacy policy is information regarding the processing of personal data and other information regarding users of the website www. .pl (hereinafter referred to as the “Website”). In this privacy policy, the administrator has also included all information that data subjects should receive in accordance with the GDPR). 2. The privacy policy contains information about the processing of data obtained by the Website. Detailed information regarding the use of cookies or other similar technologies can also be found in the cookie policy available .

Data Administrator

The administrator of the personal data of the users of the Website is: (name of the administrator, address of its registered office, designation in accordance with the register of entrepreneurs) The administrator of the data can be contacted: 1) at the correspondence address: … 2) at the e-mail address: …

Purposes, legal basis and duration of data processing

1. Operation of the Site 1. In order to provide the Site service, the service provider processes: 1) information about the user’s device in order to ensure the correct operation of the services: the computer’s IP address, information contained in cookies or other similar technologies, session data, web browser data, device data, data about activity on the Site, including on individual subpages; 2) information about geolocation, if the user has consented to the service provider’s access to geolocation. Information about geolocation is used to provide more tailored offers of products and services. 3) data necessary to register the user and create an account – e-mail address, password, first and last name, country of origin, time zone, type of entity (individual user/company). 4) data necessary in the case of providing services to the user, the catalog of which may change depending on the service provided or the nature of the service – these may be, for example, address of residence or stay, date of birth, PESEL registration number, age, gender, NIP number, telephone number, education, profession and data contained in tests. 3. These data are processed in accordance with Article 6, paragraph 1, letter b of the GDPR, in order to provide the Website service, in accordance with the regulations available and in accordance with Article 6, paragraph 1, letter a of the GDPR in connection with the consent to the use of certain cookies or other similar technologies, expressed through appropriate browser settings in accordance with the Telecommunications Law or in connection with the consent to geolocation. The data are processed until the user ends their use of the Website.

Complaints

1. In order to process a complaint, the service provider processes the personal data of users submitting complaints, in particular the e-mail address, name, content of the complaint, circumstances of the event causing the complaint, information obtained in the course of processing the complaint, including explaining the event causing it. In the course of processing a complaint, the service provider may process a number of other information, including the user’s name and surname, information on the user’s use of services, cookies or other similar technologies, information on devices. 2. These data are processed in accordance with art. 6 sec. 1 letter b of the GDPR in order to provide services, i.e. an agreement on the provision of services by electronic means in accordance with the regulations available , and are processed for the time necessary to process the complaint and for no longer than 3 months after the end of the complaint procedure for archiving purposes in the event of the need to defend against potential claims against the service provider in accordance with the information provided below.

Investigative proceedings, pursuing claims

1. In the event of initiating explanatory proceedings concerning a possible violation of the provisions of the regulations or legal provisions, principles of social coexistence or good customs, proceedings for the purpose of pursuing claims by the administrator or other users or entities, defense against claims of users or other entities, the administrator may process the personal data of specific users until the conclusion of the ongoing proceedings and until the expiry of the limitation period for the administrator’s claims against the user, which is usually 3 years in accordance with the Civil Code, but in special cases provided for by law may be longer. 2. If personal data are processed for the purpose of pursuing claims of other users, such data may be made available for this purpose to another user or entity or a public authority authorized under the provisions of law, e.g. courts, police, prosecutor’s office. 3. These data will then be processed, including made available in accordance with art. 6 sec. 1 letter c of the GDPR, i.e. in order to fulfill the obligation arising from the provisions of the law regarding the obligation to consider complaints, in accordance with the Act on the provision of services by electronic means or in accordance with art. 6 sec. 1 letter l. f GDPR, i.e. in the legitimate interest of the administrator consisting in pursuing its claims against the user. The legitimate interest of the administrator will then be the overriding objective over the rights and freedoms of the service recipient.

Service Usage Statistics

1. In order to improve the quality of its services, the administrator processes statistical information regarding the use of the Website, including information about the session, IP number, amount of time spent on individual pages and subpages, use of individual service functionalities, information about the device and web browser. The administrator uses cookies or other similar technologies and statistical tools provided by … . Detailed information on the use of cookies or other similar technologies can be found . 2. This data is processed in accordance with art. 6 sec. 1 letter f of the GDPR in the legitimate interest of the administrator consisting in facilitating the use of the Website, improving the quality and functionality of the services provided, and the processing of this data does not violate the rights and freedoms of users. Information about users is not used for any additional purposes, and due to the specificity of the website service, adapting the way the content of the website is displayed, facilitating the use of the website and improving the quality of services provided on the website is not only a market standard, but also an expectation of users towards website providers. 3. In addition, the user may withdraw the expressed consent at any time by changing the settings of the web browser regarding the admissibility of using cookies or other similar technologies. 4. This data is processed as part of the administrator’s current activities, but no longer than for 60 days from receiving the information. After this time, the administrator may continue to process general statistical data, which will be devoid of any information regarding individual users. 5. The period of availability of statistical data in tools provided by … may, however, be longer than 60 days, but this is beyond the administrator’s decision-making scope. The administrator will not use them any longer, but will have potential access to them until they are deleted by the provider of the aforementioned tool.

Marketing and PR activities of the administrator

On the Website, the administrator may post marketing information about its products or services. The display of this content is carried out by the administrator in accordance with Article 6 paragraph 1 letter f of the GDPR, in accordance with the legitimate interest of the administrator consisting in the publication of content related to the services provided and the promotional content of campaigns in which the administrator is involved. At the same time, this action does not violate the rights and freedoms of users, users expect to receive content of similar content, and sometimes even expect it or it is their direct purpose of visiting the Website.

Marketing activities for other products or services

1. The Administrator may also post marketing information regarding the products or services of its contractors with whom it has concluded a marketing cooperation agreement. 2. The display of this content is carried out by the Administrator in accordance with Article 6 paragraph 1 letter f of the GDPR, in accordance with the legitimate interest of the Administrator consisting in the marketing activities of the products or services of its contractors. At the same time, this action does not violate the rights and freedoms of users, in particular due to the sporadic nature of these activities, and users expect to receive similar content due to the subject matter of the Site. The User has the right to object to the processing of his personal data for marketing purposes.

Recipients of user data

The Administrator discloses the personal data of users only to entities processing personal data under concluded data processing agreements for the purpose of providing services to the Administrator, e.g. hosting and maintenance of the Website, IT services, marketing and PR services, legal and advisory services.

Transfer of personal data to third countries

Personal data will not be processed in third countries.

Rights of persons whose personal data is concerned

1. Every data subject has the right to: 1) access – to obtain confirmation from the controller as to whether their personal data are being processed. If data about a person are being processed, they are entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data have been or will be disclosed, the period of data storage or the criteria for determining them, the right to request rectification, erasure or restriction of the processing of personal data of the data subject and to object to such processing (Article 15 of the GDPR); 2) to receive a copy of the data – to obtain a copy of the data being processed, with the first copy being free of charge, and for subsequent copies the controller may impose a reasonable fee resulting from administrative costs (Article 15 paragraph 3 of the GDPR); 3) to rectification – to request rectification of personal data concerning them that are incorrect or to supplement incomplete data (Article 16 of the GDPR); 4) to delete data – to request the deletion of their personal data if the controller no longer has a legal basis for their processing or the data are no longer necessary for the purposes of processing (Article 17 of the GDPR); 5) to restrict processing – to request the restriction of the processing of personal data (Article 18 of the GDPR), when: a) the data subject questions the accuracy of the personal data – for a period enabling the controller to check the accuracy of these data, b) the processing is unlawful and the data subject objects to their deletion, requesting the restriction of their use, c) the controller no longer needs the data, but they are necessary for the data subject to establish, pursue or defend claims, d) the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds for the objection of the data subject; 6) to transfer data – to receive, in a structured, commonly used and machine-readable format, personal data concerning him/her, which he/she has provided to the controller, and to request that this data be sent to another controller, if the data is processed on the basis of the consent of the data subject or a contract concluded with him/her and if the data is processed in an automated manner (Article 20 of the GDPR); 7) to object – to object to the processing of his/her personal data for the legitimate purposes of the controller, for reasons related to his/her particular situation, including profiling. In such a case, the controller assesses the existence of important legitimate grounds for processing, overriding the interests, rights and freedoms of the data subjects, or grounds for establishing, pursuing or defending claims. If, in accordance with the assessment, the interests of the person,the interests of which the data relate will outweigh the interests of the controller, the controller will be obliged to cease processing the data for these purposes (Article 21 of the GDPR); 8) to withdraw consent at any time and without giving any reason, but the processing of personal data carried out before the withdrawal of consent will continue to be lawful. Withdrawal of consent will result in the controller ceasing to process the personal data for the purpose for which the consent was given. 2. In order to exercise the above-mentioned rights, the data subject should contact the controller using the contact details provided and inform them of which right and to what extent they wish to exercise.

President of the Personal Data Protection Office

The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office in Warsaw, ul. Stawki 2, who can be contacted in the following manner: 1) by mail: ul. Stawki 2, 00-193 Warsaw; 2) via the electronic mailbox available at: https://www.uodo.gov.pl/pl/p/kontakt; 3) by telephone: (22) 531 03 00.

Data Protection Officer

In any case, the data subject may also contact the data protection officer of the controller directly: 1) by e-mail at the following e-mail address: iod@ .pl; 2) at the above correspondence address with the note: Data Protection Officer.

Privacy Policy Changes

1. The privacy policy may be supplemented or updated in accordance with the current needs of the administrator in order to provide current and reliable information to users regarding their personal data and information about them. Users will be informed of any changes to the privacy policy on the Site. 2. This privacy policy is effective from …

Legal acts referred to in the clause

1) GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU L 2016 No. 119, p. 1); 2) art. 118 et seq. of the Act of 23 April 1964 – Civil Code (consolidated text: Journal of Laws of 2018, item 1025, as amended); 3) art. 8 of the Act of 18 July 2002 on the provision of services by electronic means (consolidated text: Journal of Laws of 2017, item 1219, as amended); 4) art. 173 sec. 2 of the Act of 16 July 2004 – Telecommunications Law (Journal of Laws of 2017, item 1907, as amended).